Assemblyman Jeff Gorell (R-Camarillo) introduced Assembly Bill 1560, a measure designed to protect the privacy of Californians who use the Covered California website to shop for health insurance. This legislation has become necessary after it was revealed last month that the state had distributed the personal information of tens of thousands of people who visited the government website to insurance telemarketers without the knowledge or consent of these shoppers.

“There is an expectation of privacy when people provide personal information to their government, particularly in regards to health insurance and sensitive medical issues,” stated Assemblyman Gorell. “You certainly don’t expect the government to hand your personal information over to telemarketers.”

Gorell added, “California’s Constitution considers personal privacy to be an inalienable right, and AB 1560 honors that by requiring that Covered California keep site visitor information private unless the customer explicitly gives consent to be contacted.”

Covered California is the state’s health insurance exchange, designed to enroll people in a health insurance plan as mandated by the federal Affordable Care Act. Shoppers are not required to use Covered California for their insurance, and it is expected that the majority of Californians will continue to receive their health care coverage outside of the state exchange. However, many people who visited the Covered California website to compare their options were later surprised by unsolicited calls and emails from insurance salesmen who were given their information by the state.

In addition to the privacy concerns already raised, the current law falls short regarding mandatory public notification if a security breach occurs. Incidents have already occurred in other states such as Minnesota, where 2,400 people’s private information, including Social Security numbers, were leaked to an unintended recipient. Additionally, the U.S. Government Accountability Office reported that 4,172 data security incidents affected the Centers for Medicare and Medicaid Services in 2012 alone. In order to ensure consumer protection, AB 1560 would augment current law to provide that any security incident involving personal information, regardless of size or severity, would constitute a mandatory trigger of notification.